The ‘DarkSword’ attack technique can stealthily extract messages, contacts, stored credentials, cryptocurrency wallets, and more from iPhones using iOS 18.4 to 18.6.2. If you’ve delayed updating to iOS 26, now might be an opportune moment. On Wednesday, researchers detailed a new hacking tool targeting iPhones on iOS 18.4 to 18.6.2, previously reported by Wired. The “DarkSword” exploit allows unauthorized access to personal data on iPhones visiting harmful links and has been employed by Russian hackers.
The Google Threat Intelligence Group collaborated with cybersecurity firms Lookout and iVerify to assess the threat, which might impact up to 270 million devices on iOS 18. Upon accessing a compromised website, Google reports that DarkSword utilizes six distinct vulnerabilities to execute an attack on Safari, enabling data collection of text messages, contacts, credentials, iCloud files, photos, cryptocurrency wallets, call logs, and location history, among others.
Google informed Apple about this vulnerability in late 2025. According to Apple spokesperson Sarah O’Rourke, Apple patched the “underlying vulnerabilities” last year, releasing an emergency software update last week for older devices unable to update to newer iOS versions.
DarkSword employs a “hit-and-run” tactic, allowing data extraction and disappearing before detection methods can respond, noted by Lookout. Google claims Russian state hackers targeted Ukraine, Saudi Arabia, Malaysia, and Turkey using DarkSword. They also employed another iOS exploit kit, Coruna. iVerify states that the hackers left DarkSword’s code easily accessible for others to exploit.
Users in Lockdown Mode, offering enhanced security for targeted individuals, aren’t affected by this attack. Apple and Google have also blocked the malicious links utilized in DarkSword assaults on Safari and Chrome.
O’Rourke emphasizes that keeping software updated is essential for maintaining high security, as updates include the latest security fixes and protections.